From: Eugene Grosbein
Date: Thu, 14 Dec 2017 13:06:41 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: svn commit: r326848 - stable/11/usr.sbin/pw

Author: eugen
Date: Thu Dec 14 13:06:41 2017
New Revision: 326848
URL: https://svnweb.freebsd.org/changeset/base/326848

Log:
  MFC r326738:

  pw(8): correct expiration period handling and command line overrides
  to preconfigured values for -e, -p and -w flags.

  Use non-negative symbols instead of magic values
  in passwd_val/pw_password functions.

  PR: 223431
  Submitted by: Yuri Pankov (in part, patch for the manual)
  Approved by: mav (mentor)
  Relnotes: yes

Modified:
  stable/11/usr.sbin/pw/psdate.c
  stable/11/usr.sbin/pw/psdate.h
  stable/11/usr.sbin/pw/pw.8
  stable/11/usr.sbin/pw/pw.h
  stable/11/usr.sbin/pw/pw_conf.c
  stable/11/usr.sbin/pw/pw_user.c

Directory Properties:
  stable/11/ (props changed)

Modified: stable/11/usr.sbin/pw/psdate.c ============================================================================== --- stable/11/usr.sbin/pw/psdate.c Thu Dec 14 12:54:20 2017 (r326847) +++ stable/11/usr.sbin/pw/psdate.c Thu Dec 14 13:06:41 2017 (r326848) 
@@ -38,7 +38,7 @@ static const char rcsid[] = #include "psdate.h" -static int +int numerics(char const * str) { Modified: stable/11/usr.sbin/pw/psdate.h ============================================================================== --- stable/11/usr.sbin/pw/psdate.h Thu Dec 14 12:54:20 2017 (r326847) +++ stable/11/usr.sbin/pw/psdate.h Thu Dec 14 13:06:41 2017 (r326848) @@ -33,6 +33,7 @@ #include __BEGIN_DECLS +int numerics(char const * str); time_t parse_date(time_t dt, char const * str); void print_date(char *buf, time_t t, int dotime); __END_DECLS Modified: stable/11/usr.sbin/pw/pw.8 ============================================================================== --- stable/11/usr.sbin/pw/pw.8 Thu Dec 14 12:54:20 2017 (r326847) +++ stable/11/usr.sbin/pw/pw.8 Thu Dec 14 13:06:41 2017 (r326848) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd April 23, 2016 +.Dd December 10, 2017 .Dt PW 8 .Os .Sh NAME @@ -611,6 +611,14 @@ that the account expires. A value of 0 suppresses automatic calculation of the expiry date. .It Fl p Ar days Set the default password expiration period in days. +When +.Fl D +is used, the +.Ar days +argument is interpreted differently. +It must be numeric and represents the number of days after creation +that the account expires. +A value of 0 suppresses automatic calculation of the expiry date. .It Fl g Ar group Set the default group for new users. If a blank group is specified using Modified: stable/11/usr.sbin/pw/pw.h ============================================================================== --- stable/11/usr.sbin/pw/pw.h Thu Dec 14 12:54:20 2017 (r326847) +++ stable/11/usr.sbin/pw/pw.h Thu Dec 14 13:06:41 2017 (r326848) 
@@ -47,6 +47,14 @@ enum _mode M_NUM }; +enum _passmode +{ + P_NO, + P_NONE, + P_RANDOM, + P_YES +}; + enum _which { W_USER, Modified: stable/11/usr.sbin/pw/pw_conf.c ============================================================================== --- stable/11/usr.sbin/pw/pw_conf.c Thu Dec 14 12:54:20 2017 (r326847) +++ stable/11/usr.sbin/pw/pw_conf.c Thu Dec 14 13:06:41 2017 (r326848) @@ -198,18 +198,18 @@ passwd_val(char const * str, int dflt) for (i = 0; booltrue[i]; i++) if (strcmp(str, booltrue[i]) == 0) - return 1; + return P_YES; for (i = 0; boolfalse[i]; i++) if (strcmp(str, boolfalse[i]) == 0) - return 0; + return P_NO; /* * Special cases for defaultpassword */ if (strcmp(str, "random") == 0) - return -1; + return P_RANDOM; if (strcmp(str, "none") == 0) - return -2; + return P_NONE; errx(1, "Invalid value for default password"); } Modified: stable/11/usr.sbin/pw/pw_user.c ============================================================================== --- stable/11/usr.sbin/pw/pw_user.c Thu Dec 14 12:54:20 2017 (r326847) +++ stable/11/usr.sbin/pw/pw_user.c Thu Dec 14 13:06:41 2017 (r326848) @@ -515,7 +515,9 @@ pw_password(struct userconf * cnf, char const * user, char pwbuf[32]; switch (cnf->default_password) { - case -1: /* Random password */ + case P_NONE: /* No password at all! */ + return ""; + case P_RANDOM: /* Random password */ l = (arc4random() % 8 + 8); /* 8 - 16 chars */ for (i = 0; i < l; i++) pwbuf[i] = chars[arc4random_uniform(sizeof(chars)-1)]; @@ -531,17 +533,13 @@ pw_password(struct userconf * cnf, char const * user, fflush(stdout); } break; - - case -2: /* No password at all! */ - return ""; - - case 0: /* No login - default */ - default: - return "*"; - - case 1: /* user's name */ + case P_YES: /* user's name */ strlcpy(pwbuf, user, sizeof(pwbuf)); break; + case P_NO: /* No login - default */ + /* FALLTHROUGH */ + default: + return "*"; } return pw_pwcrypt(pwbuf); } 
@@ -1122,11 +1120,20 @@ validate_mode(char *mode) return (m); } +static long +validate_expire(char *str, int opt) +{ + if (!numerics(str)) + errx(EX_DATAERR, "-%c argument must be numeric " + "when setting defaults: %s", (char)opt, str); + return strtol(str, NULL, 0); +} + static void mix_config(struct userconf *cmdcnf, struct userconf *cfg) { - if (cmdcnf->default_password == 0) + if (cmdcnf->default_password < 0) cmdcnf->default_password = cfg->default_password; if (cmdcnf->reuse_uids == 0) cmdcnf->reuse_uids = cfg->reuse_uids; @@ -1164,9 +1171,9 @@ mix_config(struct userconf *cmdcnf, struct userconf *c cmdcnf->min_gid = cfg->min_gid; if (cmdcnf->max_gid == 0) cmdcnf->max_gid = cfg->max_gid; - if (cmdcnf->expire_days == 0) + if (cmdcnf->expire_days < 0) cmdcnf->expire_days = cfg->expire_days; - if (cmdcnf->password_days == 0) + if (cmdcnf->password_days < 0) cmdcnf->password_days = cfg->password_days; } @@ -1198,6 +1205,9 @@ pw_user_add(int argc, char **argv, char *arg1) if ((cmdcnf = calloc(1, sizeof(struct userconf))) == NULL) err(EXIT_FAILURE, "calloc()"); + cmdcnf->default_password = cmdcnf->expire_days = cmdcnf->password_days = -1; + now = time(NULL); + if (arg1 != NULL) { if (arg1[strspn(arg1, "0123456789")] == '\0') id = pw_checkid(arg1, UID_MAX); @@ -1226,12 +1236,16 @@ pw_user_add(int argc, char **argv, char *arg1) homedir = optarg; break; case 'e': - now = time(NULL); - cmdcnf->expire_days = parse_date(now, optarg); + if (genconf) + cmdcnf->expire_days = validate_expire(optarg, ch); + else + cmdcnf->expire_days = parse_date(now, optarg); break; case 'p': - now = time(NULL); - cmdcnf->password_days = parse_date(now, optarg); + if (genconf) + cmdcnf->password_days = validate_expire(optarg, ch); + else + cmdcnf->password_days = parse_date(now, optarg); break; case 'g': validate_grname(cmdcnf, optarg); 
@@ -1369,8 +1383,12 @@ pw_user_add(int argc, char **argv, char *arg1) pwd->pw_uid = pw_uidpolicy(cmdcnf, id); pwd->pw_gid = pw_gidpolicy(cnf, grname, pwd->pw_name, (gid_t) pwd->pw_uid, dryrun); - pwd->pw_change = cmdcnf->password_days; - pwd->pw_expire = cmdcnf->expire_days; + + if (cmdcnf->password_days > 0) + pwd->pw_change = now + cmdcnf->password_days * 86400L; + if (cmdcnf->expire_days > 0) + pwd->pw_expire = now + cmdcnf->expire_days * 86400L; + pwd->pw_dir = pw_homepolicy(cmdcnf, homedir, pwd->pw_name); pwd->pw_shell = pw_shellpolicy(cmdcnf); lc = login_getpwclass(pwd); @@ -1511,6 +1529,7 @@ pw_user_mod(int argc, char **argv, char *arg1) class = nispasswd = NULL; quiet = createhome = pretty = dryrun = nis = precrypted = false; edited = false; + now = time(NULL); if (arg1 != NULL) { if (arg1[strspn(arg1, "0123456789")] == '\0') @@ -1540,11 +1559,9 @@ pw_user_mod(int argc, char **argv, char *arg1) homedir = optarg; break; case 'e': - now = time(NULL); expire_days = parse_date(now, optarg); break; case 'p': - now = time(NULL); password_days = parse_date(now, optarg); break; case 'g': @@ -1679,13 +1696,14 @@ pw_user_mod(int argc, char **argv, char *arg1) } } - if (password_days >= 0 && pwd->pw_change != password_days) { - pwd->pw_change = password_days; + + if (password_days >= 0) { + pwd->pw_change = now + password_days * 86400L; edited = true; } - if (expire_days >= 0 && pwd->pw_expire != expire_days) { - pwd->pw_expire = expire_days; + if (expire_days >= 0) { + pwd->pw_expire = now + expire_days * 86400L; edited = true; }
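
Review bot: In the pw.8 hunk (@@ -611,6 +611,14), the text added under ".It Fl p Ar days" repeats the -e wording: it says the value is the number of days after creation "that the account expires" and that 0 suppresses "the expiry date". For -p this should describe password expiration, for example "the number of days after creation that the password expires". The log also lists -w among the corrected flags, but no manual text for it appears in this hunk.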
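
Review bot: The new enum _passmode in pw.h (@@ -47,6 +47,14) carries no comment, yet mix_config() now tests cmdcnf->default_password < 0 and pw_user_add() initialises the field to -1, so the override logic depends on every enumerator staying non-negative. A comment on the enum stating that -1 is reserved for "not set on the command line", or a named constant for that sentinel, would protect against a later reordering or an added negative value. The integer values also change with this patch ("yes" was 1 and is now P_YES, which is 3; "none" was -2 and is now P_NONE, which is 1), so any code that stores or compares the raw number needs checking.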
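
Review bot: validate_expire() in pw_user.c (@@ -1122,11 +1120,20) calls strtol(str, NULL, 0), and base 0 lets a leading zero select octal: assuming numerics() accepts any all-digit string, an argument of 010 is stored as 8 days and 09 as 0. Pass base 10 instead, and clear and check errno for ERANGE, since the long result is assigned to expire_days or password_days and later multiplied by 86400L.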
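
Review bot: In pw_user_add() (@@ -1369,8 +1383,12), "now + cmdcnf->password_days * 86400L" treats the field as a day count, but without -D the 'e' and 'p' cases (@@ -1226,12 +1236,16) store the time_t returned by parse_date(now, optarg) in that same field. If parse_date() returns an absolute time, it is then multiplied by 86400 and added to now. Keep the parsed time in a separate variable and assign it directly, and apply the day conversion only to values that came from the configuration. The same pattern appears in pw_user_mod(). Also, when the value is not > 0 this hunk no longer assigns pw_change or pw_expire at all, so it relies on pwd already holding 0 in those members.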
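
Review bot: In pw_user_mod() (@@ -1679,13 +1696,14) the tests are "password_days >= 0" and "expire_days >= 0", while pw_user_add() uses "> 0", so a value of 0 here sets pw_change or pw_expire to the current time rather than 0. Dropping the "pwd->pw_change != password_days" comparison also sets edited = true whenever -p or -e is given, even if the stored value does not change. Handle 0 explicitly as "no expiry" and keep a comparison against the computed value before marking the record edited.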